
@aminya/group-dependencies
Allows for specifying specific non-production packages to install, for use in an environment that only installs production dependencies (e.g. Heroku).
With group-dependencies, you can group your dependencies in different batches. For example, you can have a "buildDependencies" or "lintDependencies" group. This is very useful when you don't need to install all the dependencies for a certain task; using it can save a lot of time in CI.
For example, put build dependencies in a separate property, buildDependencies, and install only those packages as needed by adding "scripts": { "heroku-postbuild": "deps install build" } to your package.json.
You need to install this package globally, if you want to use it on a clean directory:
npm install @aminya/group-dependencies -g
First, add a new dependencies group to package.json:
{
  ...
  "devDependencies": {
    "intercept-stdout": "^0.1.2",
    "jest": "^20.0.4",
    "strip-color": "^0.1.0"
  },
  // our new group representing testing dependencies
  "testDependencies": [
    "jest"
  ]
  ...
}
Now you can install only the dependencies for this new group:
# This will install jest@^20.0.4:
deps install test
# Install dependencies in the named group
deps install [GROUP_NAME]
npm gives you two groups to specify dependencies (i.e. dev and prod). In the real world, we have multiple dependency environments (e.g. test, build, production, development).
Any item added to the [GROUP_NAME]Dependencies property will be installed with deps install [GROUP_NAME]. If a matching package is found in devDependencies or dependencies, that version will be installed.
// Here's the part that matters.
"buildDependencies": [
  "webpack",
  "@babel/preset-env"
]
The array strategy was chosen so that the tool can leverage a few things: npm manages the installation of your dev dependencies. Behind the scenes, it generates a new package.json, uses that for the installation, and then restores the original package.json once the installation is done.
It is also capable of using group-specific lock files, which can speed up the installation process.
FAQs
We found that @aminya/group-dependencies demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.